path: root/include
Commit message (Author, Age, Files, Lines)
* Expose alloc functions for EC{PK,}PARAMETERS (Kazuki Yamaguchi, 2016-08-22, 1 file, -0/+2)
  Declare EC{PK,}PARAMETERS_{new,free} functions in public headers. The free functions are necessary because EC_GROUP_get_ec{pk,}parameters() was made public by commit 60b350a3ef96 ("RT3676: Expose ECgroup i2d functions").
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* crypto/pkcs12: facilitate accessing data with non-interoperable password. (Andy Polyakov, 2016-08-22, 1 file, -13/+3)
  Originally PKCS#12 subroutines treated password strings as ASCII. It worked as long as they were pure ASCII, but if there were some non-ASCII characters the result was non-interoperable. But fixing it poses a problem accessing data protected with a broken password. In order to make access to old data possible, add a retry with the old-style password.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* crypto/pkcs12: default to UTF-8. (Andy Polyakov, 2016-08-22, 1 file, -2/+4)
  Reviewed-by: Richard Levitte <levitte@openssl.org>

* crypto/pkcs12: add UTF8 support. (Andy Polyakov, 2016-08-22, 1 file, -1/+8)
  Reviewed-by: Richard Levitte <levitte@openssl.org>

* Move BIO index lock creation (Rich Salz, 2016-08-21, 1 file, -0/+1)
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add X509_getm_notBefore, X509_getm_notAfter (Dr. Stephen Henson, 2016-08-21, 1 file, -4/+6)
  Add mutable versions of X509_get0_notBefore and X509_get0_notAfter. Rename X509_SIG_get0_mutable to X509_SIG_getm.
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
* Duplicate includes (FdaSilvaYY, 2016-08-20, 1 file, -1/+0)
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1475)

* Add BIO_get_new_index() (Rich Salz, 2016-08-19, 1 file, -28/+30)
  Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

* Constify certificate and CRL time routines. (Dr. Stephen Henson, 2016-08-19, 1 file, -8/+24)
  Update certificate and CRL time routines to match new standard.
  Reviewed-by: Rich Salz <rsalz@openssl.org>

* Convert PKCS12* functions to use const getters (Matt Caswell, 2016-08-19, 1 file, -14/+18)
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Stephen Henson <steve@openssl.org>

* Update function error code (Matt Caswell, 2016-08-19, 1 file, -1/+1)
  A function error code needed updating due to merge issues.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix DTLS replay protection (Matt Caswell, 2016-08-19, 1 file, -0/+1)
  The DTLS implementation provides some protection against replay attacks in accordance with RFC6347 section 4.1.2.6. A sliding "window" of valid record sequence numbers is maintained with the "right" hand edge of the window set to the highest sequence number we have received so far. Records that arrive that are off the "left" hand edge of the window are rejected. Records within the window are checked against a list of records received so far. If we already received it then we also reject the new record.

  If we have not already received the record, or the sequence number is off the right hand edge of the window then we verify the MAC of the record. If MAC verification fails then we discard the record. Otherwise we mark the record as received. If the sequence number was off the right hand edge of the window, then we slide the window along so that the right hand edge is in line with the newly received sequence number.

  Records may arrive for future epochs, i.e. a record from after a CCS being sent, can arrive before the CCS does if the packets get re-ordered. As we have not yet received the CCS we are not yet in a position to decrypt or validate the MAC of those records. OpenSSL places those records on an unprocessed records queue. It additionally updates the window immediately, even though we have not yet verified the MAC. This will only occur if currently in a handshake/renegotiation.

  This could be exploited by an attacker by sending a record for the next epoch (which does not have to decrypt or have a valid MAC), with a very large sequence number. This means the right hand edge of the window is moved very far to the right, and all subsequent legitimate packets are dropped causing a denial of service.

  A similar effect can be achieved during the initial handshake. In this case there is no MAC key negotiated yet. Therefore an attacker can send a message for the current epoch with a very large sequence number. The code will process the record as normal. If the handshake message sequence number (as opposed to the record sequence number that we have been talking about so far) is in the future then the injected message is buffered to be handled later, but the window is still updated. Therefore all subsequent legitimate handshake records are dropped. This aspect is not considered a security issue because there are many ways for an attacker to disrupt the initial handshake and prevent it from completing successfully (e.g. injection of a handshake message will cause the Finished MAC to fail and the handshake to be aborted). This issue comes about as a result of trying to do replay protection, but having no integrity mechanism in place yet. Does it even make sense to have replay protection in epoch 0? That issue isn't addressed here though.

  This addressed an OCAP Audit issue.

  CVE-2016-2181
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Add X509_get0_serialNumber() and constify OCSP_cert_to_id() (Dr. Stephen Henson, 2016-08-19, 2 files, -4/+6)
  Reviewed-by: Matt Caswell <matt@openssl.org>

* constify X509_REQ_get0_signature() (Dr. Stephen Henson, 2016-08-19, 1 file, -2/+2)
  Reviewed-by: Matt Caswell <matt@openssl.org>

* constify i2o_ECPublicKey (Dr. Stephen Henson, 2016-08-19, 1 file, -1/+1)
  Reviewed-by: Matt Caswell <matt@openssl.org>

* Constify i2a* (Dr. Stephen Henson, 2016-08-18, 2 files, -3/+3)
  Reviewed-by: Rich Salz <rsalz@openssl.org>

* Convert X509_REVOKED* functions to use const getters (Matt Caswell, 2016-08-18, 2 files, -4/+5)
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Stephen Henson <steve@openssl.org>

* Don't try to init dasync internally (Richard Levitte, 2016-08-17, 1 file, -2/+1)
  Since dasync isn't installed, and is only ever used as a dynamic engine, there's no reason to consider it for initialization when building static engines.
  Reviewed-by: Ben Laurie <ben@openssl.org>
* Constify X509_SIG. (Dr. Stephen Henson, 2016-08-17, 2 files, -10/+15)
  Constify X509_SIG_get0() and order arguments to match new standard. Add X509_SIG_get0_mutable() to support modification or initialisation of an X509_SIG structure.
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Constify X509_certificate_type() (Dr. Stephen Henson, 2016-08-17, 1 file, -1/+1)
  Reviewed-by: Richard Levitte <levitte@openssl.org>

* Constify X509_get0_signature() (Dr. Stephen Henson, 2016-08-17, 1 file, -1/+2)
  Reviewed-by: Richard Levitte <levitte@openssl.org>

* Convert X509* functions to use const getters (Dr. Stephen Henson, 2016-08-17, 2 files, -6/+7)
  Reviewed-by: Richard Levitte <levitte@openssl.org>

* Convert X509_CRL* functions to use const getters (Matt Caswell, 2016-08-17, 2 files, -6/+7)
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Stephen Henson <steve@openssl.org>

* Make X509_NAME_get0_der() conform to OpenSSL style (Matt Caswell, 2016-08-17, 1 file, -2/+2)
  Put the main object first in the params list.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Stephen Henson <steve@openssl.org>

* Convert OCSP* functions to use const getters (Matt Caswell, 2016-08-17, 1 file, -3/+3)
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Stephen Henson <steve@openssl.org>

* Constify private key decode. (Dr. Stephen Henson, 2016-08-17, 2 files, -4/+4)
  Reviewed-by: Richard Levitte <levitte@openssl.org>

* constify X509_ALGOR_get0() (Dr. Stephen Henson, 2016-08-17, 1 file, -2/+2)
  Reviewed-by: Richard Levitte <levitte@openssl.org>

* Constify ASN1_item_unpack(). (Dr. Stephen Henson, 2016-08-17, 1 file, -1/+1)
  Reviewed-by: Richard Levitte <levitte@openssl.org>

* Add missing session id and tlsext_status accessors (Remi Gacogne, 2016-08-17, 2 files, -0/+12)
  * SSL_SESSION_set1_id()
  * SSL_SESSION_get0_id_context()
  * SSL_CTX_get_tlsext_status_cb()
  * SSL_CTX_get_tlsext_status_arg()
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Convert SSL_SESSION* functions to use const getters (Matt Caswell, 2016-08-16, 1 file, -1/+1)
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
  Reviewed-by: Stephen Henson <steve@openssl.org>

* Convert PKCS8* functions to use const getters (Matt Caswell, 2016-08-16, 2 files, -2/+4)
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
  Reviewed-by: Stephen Henson <steve@openssl.org>

* Convert TS_STATUS_INFO* functions to use const getters (Matt Caswell, 2016-08-16, 1 file, -3/+5)
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
  Reviewed-by: Stephen Henson <steve@openssl.org>

* Provide compat macros for SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() (Matt Caswell, 2016-08-16, 1 file, -0/+2)
  These functions are no longer relevant to 1.1.0 (we always have auto ecdh on) - but no reason to break old code that tries to call it. The macros will only return a dummy "success" result if the app was trying to enable ecdh. Disabling can't be done in quite this way any more.
  Fixes Github Issue #1437
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

* Add ASN1_STRING_get0_data(), deprecate ASN1_STRING_data(). (Dr. Stephen Henson, 2016-08-16, 1 file, -1/+2)
  Deprecate the function ASN1_STRING_data() and replace with a new function ASN1_STRING_get0_data() which returns a constant pointer. Update library to use new function.
  Reviewed-by: Rich Salz <rsalz@openssl.org>

* Make CT_POLICY_EVAL_CTX_set1_{cert,issuer} into boolean functions (Rob Percival, 2016-08-15, 1 file, -4/+12)
  They may fail if they cannot increment the reference count of the certificate they are storing a pointer for. They should return 0 if this occurs.
  Reviewed-by: Emilia Käsper <emilia@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1408)

* Improves CTLOG_STORE setters (Rob Percival, 2016-08-15, 1 file, -6/+6)
  Changes them to have clearer ownership semantics, as suggested in https://github.com/openssl/openssl/pull/1372#discussion_r73232196.
  Reviewed-by: Emilia Käsper <emilia@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1408)

* Add point ctrls to X25519 (Dr. Stephen Henson, 2016-08-13, 1 file, -0/+7)
  Add ctrl operations to set or retrieve encoded point in EVP_PKEY structures containing X25519 keys.
  Reviewed-by: Rich Salz <rsalz@openssl.org>

* make errors (Dr. Stephen Henson, 2016-08-13, 1 file, -0/+6)
  Reviewed-by: Rich Salz <rsalz@openssl.org>

* Use OIDs from draft-ietf-curdle-pkix-02 (Dr. Stephen Henson, 2016-08-13, 1 file, -2/+2)
  Reviewed-by: Rich Salz <rsalz@openssl.org>

* GH1446: Add SSL_SESSION_get0_cipher (Rich Salz, 2016-08-12, 1 file, -0/+1)
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1451)

* Add #defines for magic numbers in API. (Rich Salz, 2016-08-10, 1 file, -0/+9)
  Binary- and backward-compatible. Just better.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1429)

* Fix spelling of error code (Kurt Roeckx, 2016-08-10, 1 file, -1/+1)
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1421)

* Add some const casts (Rich Salz, 2016-08-10, 2 files, -9/+9)
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1397)

* GH1383: Add casts to ERR_PACK (Rich Salz, 2016-08-10, 1 file, -5/+7)
  Reviewed-by: Emilia Käsper <emilia@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1385)
* Make CT_log_new_from_base64 always return 0 on failure (Rob Percival, 2016-08-05, 1 file, -1/+4)
  In one failure case, it used to return -1. That failure case (CTLOG_new() returning NULL) was not usefully distinct from all of the other failure cases.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1407)
* spelling fixes, just comments and readme. (klemens, 2016-08-05, 2 files, -2/+2)
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1413)

* Removes CTLOG_new_null from the CT public API (Rob Percival, 2016-08-05, 1 file, -6/+0)
  This is an entirely useless function, given that CTLOG is publicly immutable.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1406)

* Added appropriate OPENSSL_NO_STDIO to PKCS12 header (Dániel Bakai, 2016-08-05, 1 file, -0/+4)
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>

* Make DTLS1_BAD_VER work with DTLS_client_method() (David Woodhouse, 2016-08-04, 1 file, -2/+5)
  DTLSv1_client_method() is deprecated, but it was the only way to obtain DTLS1_BAD_VER support. The SSL_OP_CISCO_ANYCONNECT hack doesn't work with DTLS_client_method(), and it's relatively non-trivial to make it work without expanding the hack into lots of places. So deprecate SSL_OP_CISCO_ANYCONNECT with DTLSv1_client_method(), and make it work with SSL_CTX_set_{min,max}_proto_version(DTLS1_BAD_VER) instead.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>

* Remove "lockit" from internal error-hash function (Rich Salz, 2016-08-04, 1 file, -2/+0)
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1389)